From mount(2):
Specifying mountflags as:
MS_REMOUNT | MS_BIND | MS_RDONLY
will make access through this mountpoint read-only, without affecting
other mount points.
Hence use MS_BIND when remounting container rootfs read-only.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
mount("sysfs", "/sys", "sysfs", MS_NOATIME | MS_NODEV | MS_NOEXEC | MS_NOSUID | MS_RDONLY, 0);
}
if (opts.ronly)
- mount(NULL, "/", NULL, MS_RDONLY | MS_REMOUNT, 0);
+ mount(NULL, "/", NULL, MS_REMOUNT | MS_BIND | MS_RDONLY, 0);
return 0;
}
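Review bot: The return value of the changed `mount(NULL, "/", NULL, MS_REMOUNT | MS_BIND | MS_RDONLY, 0)` call under `if (opts.ronly)` is ignored, and the function goes straight on to `return 0;`. If the bind remount fails, the container proceeds with a writable rootfs even though read-only was requested, and the caller sees success. Since this is a confinement property, suggest checking the result, logging errno, and returning an error, for example `if (opts.ronly && mount(...)) return -1;`, so that the failure is fatal to container setup. The sysfs mount in the context line above is unchecked in the same way and could be handled in a follow-up.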